Malicious sites concentrated in 10 countries

Dubai, August 16, 2011

About 87 percent of the websites used to spread malicious programs were concentrated in just 10 countries, according to a study by Kaspersky Lab.

The company’s experts have identified a number of important trends after analysing vast numbers of IT threats during the second quarter of 2011, it said.

Navigating the web remains the riskiest activity on the Internet with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects (65.44 percent) online, the company said.

The first two places in the “top 10” countries were occupied by the US (28.53 percent) and Russia (15.99 percent).

The Netherlands leads the way in reducing the number of malicious hosting sites: compared to the previous quarter, its share has fallen by 4.3 percentage points to 7.57 percent. This is down primarily to the efforts of the Dutch police and includes the neutralizing of botnets such as Bredolab and Rustock, the company said.

Countries have been divided into groups according to their online threat levels.

High-risk countries (41-60 percent of unique users subject to web attacks). This group includes: Oman, Russia, Iraq, Azerbaijan, Armenia, Sudan, Saudi Arabia and Belarus. Newcomers to this group in Q2 were Sudan and Saudi Arabia, while Kazakhstan dropped down a level.

The US, at 40.2 percent, is very close to joining the high-risk group of countries due to the increase in the number of FakeAV detections, a statement said.

Safe-surfing countries (11.4-21 percent). This group comprised 28 countries and included Switzerland (20.9 percent), Poland (20.2 percent), Singapore (19.6 percent) and Germany (19.1 percent). In the second quarter of 2011, five countries left this group, including Finland which entered a higher risk group with 22.1 percent.

India was among the top 10 countries in which users’ computers ran the highest risk of local infection. Every second computer in the country was at risk of local infection at least once in the past three months.

“Over the last few years, India has been growing steadily more attractive to cybercriminals as the number of computers in the country increases steadily. Other factors that attract the cybercriminals include a low overall level of computer literacy and the prevalence of pirated software that is never updated,” said Yury Namestnikov, senior virus analyst, Kaspersky Lab.

For the very first time in its history, the Top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found in Adobe Flash Player alone.

Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs, he said.

Hacking of major companies has increased with the list of victims including Sony, Honda, Fox News, Epsilon and Citibank.

The evidence surrounding the hacking of Sony’s services shows that the main objective of the hackers was not to earn a quick buck, but rather it was part of a wave of “hacktivism” — hacking or bringing down systems in protest against the actions of governments or large corporations — which is continuing to gain momentum.

In the first quarter of the year, a new group called LulzSec emerged, which in 50 days succeeded in hacking a number of systems and publishing the personal information of tens of thousands of users.

The number of fake antivirus programs detected globally by Kaspersky has also begun to increase with the number of users whose computers blocked attempts to install counterfeit software increasing by 300 percent in just three months, it said.

The number of mobile threats targeting different mobile platforms continues to increase: detected threats running on J2ME doubled during Q2 2011, while the number of detections of malicious programs targeting Android nearly tripled. Once again, malicious programs were detected in the official Android store, Android Market.

The growing popularity of bitcoin, a special program that allows “money” to be generated on users’ computers, is a magnet to those who seek to acquire money by illegal means. Encrypted wallets containing money can be stored on users’ computers and access can be gained to these wallets by entering the right password.

Malicious users typically steal the wallets first and then try to determine the passwords afterwards.

A relatively simple Trojan was detected in Q2 that sent bitcoin wallets to malicious users when launched. This led the cybercriminals to come up with the novel idea of making unsuspecting users engage in bitcoin mining for them, a statement said.

In late June, Kaspersky Lab discovered a malicious program comprised of a legitimate bitcoin mining program (bcm) and controlled by a Trojan module. After the Trojan is launched, the infected computer begins to generate bitcoins for the malicious users, it said. – TradeArabia News Service